MS Exchange 2003 "454 Temporary EXPS-Authentication failure"

Posted on 2006-11-20
Last Modified: 2012-05-05

my mail was working fine, then all of a sudden the Routing Group Connection i had between Server A and Server B started queing mail on the connection located on Server A.

I tried to force a connection, but it was in constant retry state.

So i did a telnet to Server B from Server A, initiated a ehlo <domain name> and the following line came back

454 Temporary EXPS-Authentication failure

After doing some research i found the following description on this error, but the solution doesn't seem to fit in with me at all... As all DC's are functioning correctly in our Domain.. i can't find any errors.
"The error message "454 Temporary EXPS-Authentication failure" is emitted by
the exps (exchange protocol-security) sink in Exchange. Usually this means
that the sink is unable to initialize due to DS connectivity/availability
problems. Are you sure you are not receiving a response to EHLO? This
message is returned as a response to the EHLO command by the Exchange
server. If your domain-controller is down, SMTP might seem to hang for a
little while (as it tries to connect to the DS) before it gives up and comes
back with this error.

I would look in the event-log for other errors, but I think this is a DS
connectivity issue. Pull up ldp.exe and make sure you can connect and query
your DC."______________________________________________________________

I have another server, say Server C, which is setup exactely the same as Server B, and i can telnet from Server A to C without any issues..

I can use the helo command, but after doing a mail it kicks me out with the same error from the telnet session.

As it stands, i've had to create a X.400 connection to alow mail to flow, and have freezed the existing RGC.

If someone could help me understand this a little more, that would be appreciated.

Question by:Haggard1
  • 3
  • 2
LVL 104

Expert Comment

ID: 17991178
I would remove the Routing Group connector. Then recreate them and see what happens.
You should also ensure that the FQDN on the SMTP virtual server of each machine resolves correctly internally.


Author Comment

ID: 17992614
Hi Simon,

thanks for the reply, i've already done this.. and checked the FQDN, all seems fine..

I've been told the following, and are leading to believe that there is an issue with the SMTP service, and i may need to reinstall IIS.

Issue - The metabase is not up to date

1.       Open the properties of the Default SMTP virtual server

2.       Change the IP address from <all unassigned> to the specific IP of the server and restart SMTP

3.       This will force an update of the metabase and may resolve your issue.

4.       If a – c does not resolve the problem you may need to re-install IIS and Exchange using the following KB:
How to remove and reinstall IIS and Exchange:

Note: If you can Telnet to the Exchange server and use the HELO verb. Then successfully submit the MAIL FROM command, but are disconnected with this error “425 5.1.0 Dropping connection due to an error on this server”, then you’ll definitely have to re-install IIS and Exchange as the SMTP protocol is damaged!

The last line, about it droping out after a HELO, then mail from is true for my situation..

My only concern is, if i remove and reinstall IIS, will i have to reinstall Exchange completely, or can you get away with removing IIS, and leaving Exchange..? Sounds all a little to risky for my liking!!
LVL 104

Accepted Solution

Sembee earned 500 total points
ID: 17997108
You cannot remove IIS without damaging Exchange.
The only officially supported way is the removal of Exchange, then IIS, then the install of both.
It has been known to remove IIS from under Exchange, then reinstall IIS, then reinstall Exchange on top of the existing installation (followed by the relevant service pack). However that is high risk and I wouldn't advise it.

Changing the IP address from all unassigned to the specific IP address, even when there is just one, is something I do as standard when setting up a multiple Exchange site.

If you haven't done that already, I would make that change on all the SMTP virtual servers, then recreate the Routing Group Connectors. The RGCs are odd in that they use the information on the SMTP VS when creating the connector, then use some information from the AD. It can easily catch you out if you aren't careful. If you set the IP address specifically then it doesn't cause as many problems.


Author Comment

ID: 18005209
Thanks Simon, I'll give that a shot and keep you posted.

Author Comment

ID: 18005848
Good man, that worked.. Strange however, because as best practise i generally apply the IP address on All 2003 Exchange servers, so anyway, i put it back to original config, restarted the SMTP virtual servers, and bobs your uncle!!

Thanks again

Featured Post

Do email signature updates give you a headache?

Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
2008R2 and Exchange 2010 network issues 17 51
exchange, virtualization 1 29
Exchange 2013 dual delivery 1 11
cached or not 5 45
Resolve DNS query failed errors for Exchange
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now